The GDPR comes into force next year, but it's clear that the much-hoped for uniformity and clarity it was intended to deliver is far from becoming a reality. Due to a lack of clarity in the legislation - as well as the wider data protection regulatory regime - a number of common challenges arise again and again. This blog identifies some of those key challenges and highlights areas where future regulatory guidance is sorely needed.

Implementation of the EU GDPR is less than a year away, and being 'GDPR ready' is a key focus for many organisations. To help, here we provide the top 10 steps to operationalise the GDPR in your organisation.

Most compliance professionals and in-house lawyers will be well aware that in GDPR terms the 'big day' is fast approaching. Some boards may by now have been persuaded this really should be at the top and not the bottom of the risk register. Others may be taking a more 'wait and see' approach ie wait and see who actually gets fined and how much. Then there will be a few who wasted no time, got their GDPR readiness plan in place and are already well on their way to passing the 25 May 2018 finishing line with 'GDPR star' status.
If, like many, you are still pondering where to even begin on the journey to GDPR star status - start with your contracts!

As GDPR is strengthens the rights of individuals in the EUs and becomes more prescriptive about the collection and use of data it doesn't forbid big data. Mark Webber explores the hurdles for businesses and how to handle big data with GDPR.

And so it has finally happened: on Wednesday this week, British diplomat Sir Tim Barrow handed in Prime Minister Theresa May's formal "Article 50" letter to Donald Tusk, President of the European Council. The question now is, what does Brexit mean for the future of UK data protection law?

The GDPR will introduce major changes to the data processing terms on which customers engage service providers. However, the GDPR's requirements will impact not just EU data processing agreements, but will set the standard for data protection agreements throughout the world as service providers compete to offer the most compliant service to their global customers. This blog explains why.

Almost every website under the sun uses the words "I accept the privacy policy" somewhere on their website. But using these words may carry unforeseen - and unintended - consequences for the business under the GDPR.
So what should you do instead? Read this post to find out.

The GDPR allows ordinary personal data to be collected and used on the basis of "unambiguous" consent. For sensitive data, it requires "explicit" consent.
The difference between these two standards has attracted excited debate in privacy circles, with some arguing that they are one and the same thing and that the GDPR no longer allows consent to be implied.
But is that correct? Is implied consent really no longer possible under the GDPR? This post explores both standards of consent and explains that, while they share many similarities, there are subtle differences and that - in appropriate contexts - implied consent is still possible.

There's been a lot written about what you need to do for when the new General Data Protection Regulation comes into effect. Not everything you've heard, though, may be entirely accurate. In this blog, we dispel a few of the most common myths about the GDPR.